As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. An option is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes.
Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use, such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc.
In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information; and may include one or more computer systems, data storage systems, and/or networking systems.
However, in today's fast-paced world, electronic files and data stored in an IHS are subject to “ransomware.” Generally speaking, ransomware is a “malware” program that covertly installs itself on a victim's IHS, executes a crypto-virology attack (e.g., it uses a public encryption key to encrypt the victim's data, which only the attacker can undo using a private key corresponding to the public key), and then demands ransom payment from the victim in order to decrypt the otherwise “kidnapped” data. In many cases, ransomware stops all currently running processes—both user and system processes, including any antivirus programs—and takes control of the victim's IHS.
Typically, data encrypted by ransomware may be recovered only by: (a) paying the ransom and using the private key provided by the attacker to decrypt the data; or (b) ignoring the threat and relying on backup storage to get the latest version of the “kidnapped” data (assuming that the latest version is not the ransomware's encrypted version). With respect to option (b), however, the inventors hereof have recognized that backup services are costly and can raise privacy issues, for example, depending upon the location of the storage device (e.g., a remote server on a “cloud”) and the importance or criticality of the data itself. There are no other techniques available for recovering data from a ransomware attack.
Accordingly, the inventors hereof have determined that protection and integrity of applications is becoming a critical front in mitigating sophisticated attacks. As opposed to data at rest, ransomware threats target the actual data consumer/generator and communication applications. To address these, and other concerns, the inventors hereof have developed systems and methods for runtime protection and integrity of applications to mitigate sophisticated attacks, such as ransomware or the like.